command III……REGISTRY
The Registry is the most powerful tool in the Windows operating system. When any error occurs on our machine, we try to solve it through regedit first; even nowadays we try to fix viruses through the registry. We may not be able to access the GUI mode of the Registry when our machine gets infected by a virus, so through this blog I am trying to share my knowledge of CUI-mode editing and operation of Regedit. Hope you will enjoy this.
Here the command line goes….
REG Operation [Parameter List]
Operation [ QUERY | ADD | DELETE | COPY | SAVE | LOAD | UNLOAD | RESTORE | COMPARE | EXPORT | IMPORT ]
Return Code: (Except for REG COMPARE)
0 – Successful
1 – Failed
REG QUERY
REG QUERY KeyName [/v ValueName | /ve] [/s]
KeyName
[\\Machine\]FullKey
Machine
Name of remote machine, omitting defaults to the current machine
Only HKLM and HKU are available on remote machines
FullKey
in the form of ROOTKEY\SubKey name
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey – The full name of a registry key under the selected ROOTKEY
/v
query for a specific registry key
ValueName
The name, under the selected Key, to query; if omitted, all values under the Key are queried
/ve
query for the default value or empty value name <no name>
/s
queries all subkeys and values
REG ADD
REG ADD KeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/f]
KeyName
[\\Machine\]FullKey
Machine
Name of remote machine – omitting defaults to the current machine
Only HKLM and HKU are available on remote machines
FullKey
ROOTKEY\SubKey
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
/v
The value name, under the selected Key, to add
/ve
adds an empty value name <no name> for the key
/t RegKey
data types
[ REG_SZ | REG_MULTI_SZ | REG_DWORD_BIG_ENDIAN | REG_DWORD | REG_BINARY | REG_DWORD_LITTLE_ENDIAN | REG_NONE | REG_EXPAND_SZ ]
If omitted, REG_SZ is assumed
/s
Specify one character that you use as the separator in your data
string for REG_MULTI_SZ. If omitted, use "\0" as the separator
/d
The data to assign to the registry ValueName being added
/f
Force overwriting the existing registry entry without prompt
REG DELETE
REG DELETE KeyName [/v ValueName | /ve | /va] [/f]
KeyName
[\\Machine\]FullKey
Machine
Name of remote machine – omitting defaults to the current machine
Only HKLM and HKU are available on remote machines
FullKey
ROOTKEY\SubKey
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
ValueName
The value name, under the selected Key, to delete
When omitted, all subkeys and values under the Key are deleted
/ve
delete the value of empty value name <no name>
/va
delete all values under this key
/f
Forces the deletion without prompt
REG COPY
REG COPY KeyName1 KeyName2 [/s] [/f]
KeyName
[\\Machine\]FullKey
Machine
Name of remote machine – omitting defaults to the current machine
Only HKLM and HKU are available on remote machines
FullKey
ROOTKEY\SubKey
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
/s
Copies all subkeys and values
/f
Forces the copy without prompt
REG SAVE
REG SAVE KeyName FileName
KeyName
ROOTKEY\SubKey
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
FileName
The name of the disk file to save. If no path is specified, the file is created in the current folder of the calling process
REG RESTORE
REG RESTORE KeyName FileName
KeyName
ROOTKEY\SubKey (local machine only)
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key to restore the hive file into.
Overwriting the existing key’s values and subkeys
FileName
The name of the hive file to restore
You must use REG SAVE to create this file
REG LOAD
REG LOAD KeyName FileName
KeyName
ROOTKEY\SubKey (local machine only)
ROOTKEY [ HKLM | HKU ]
SubKey The key name to load the hive file into. Creating a new key
FileName
The name of the hive file to load
You must use REG SAVE to create this file
REG UNLOAD
REG UNLOAD KeyName
KeyName
ROOTKEY\SubKey (local machine only)
ROOTKEY [ HKLM | HKU ]
SubKey The key name of the hive to unload
REG COMPARE
REG COMPARE KeyName1 KeyName2 [/v ValueName | /ve] [Output] [/s]
KeyName
[\\Machine\]FullKey
Machine Name of remote machine – omitting defaults to the current machine
Only HKLM and HKU are available on remote machines
FullKey ROOTKEY\SubKey
If FullKey2 is not specified, FullKey2 is the same as FullKey1
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
ValueName
The value name, under the selected Key, to compare
When omitted, all values under the Key are compared
/ve
compare the value of empty value name <no name>
/s
Compare all subkeys and values
Output
[/oa | /od | /os | /on]
When omitted, output only differences
/oa Output all of differences and matches
/od Output only differences
/os Output only matches
/on No output
Return Code:
0 – Successful, the result compared is identical
1 – Failed
2 – Successful, the result compared is different
REG EXPORT
REG EXPORT KeyName FileName
KeyName
ROOTKEY\SubKey (local machine only)
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
FileName
The name of the disk file to export
REG IMPORT
REG IMPORT FileName
FileName
The name of the disk file to import (local machine only)
The examples below are the ones Microsoft lists in each command's help menu, available through the /? switch on this command.
Reg query examples:
REG QUERY HKLM\Software\Microsoft\ResKit /v Version
Displays the value of the registry value Version
REG QUERY HKLM\Software\Microsoft\ResKit\Nt\Setup /s
Displays all subkeys and values under the registry key Setup
Reg add Examples:
REG ADD \\ABC\HKLM\Software\MyCo
Adds a key HKLM\Software\MyCo on remote machine ABC
REG ADD HKLM\Software\MyCo /v Data /t REG_BINARY /d fe340ead
Adds a value (name: Data, type: REG_BINARY, data: fe340ead)
REG ADD HKLM\Software\MyCo /v MRU /t REG_MULTI_SZ /d fax\0mail
Adds a value (name: MRU, type: REG_MULTI_SZ, data: fax\0mail)
REG ADD HKLM\Software\MyCo /v Path /t REG_EXPAND_SZ /d %%systemroot%%
Adds a value (name: Path, type: REG_EXPAND_SZ, data: %systemroot%)
Notice: Use the double percentage ( %% ) inside the expand string
Reg delete examples:
REG DELETE HKLM\Software\MyCo\MyApp\Timeout
Deletes the registry key Timeout and all its subkeys and values
REG DELETE \\ZODIAC\HKLM\Software\MyCo /v MTU
Deletes the registry value MTU under MyCo on ZODIAC
Reg copy examples:
REG COPY HKLM\Software\MyCo\MyApp HKLM\Software\MyCo\SaveMyApp /s
Copies all subkeys and values under the key MyApp to the key SaveMyApp
REG COPY \\ZODIAC\HKLM\Software\MyCo HKLM\Software\MyCo1
Copies all values under the key MyCo on ZODIAC to the key MyCo1
on the current machine
Reg save examples:
REG SAVE HKLM\Software\MyCo\MyApp AppBkUp.hiv
Saves the hive MyApp to the file AppBkUp.hiv in the current folder
Reg restore examples:
REG RESTORE HKLM\Software\Microsoft\ResKit NTRKBkUp.hiv
Restores the file NTRKBkUp.hiv overwriting the key ResKit
Reg load examples:
REG LOAD HKLM\TempHive TempHive.hiv
Loads the file TempHive.hiv to the Key HKLM\TempHive
Reg unload examples:
REG UNLOAD HKLM\TempHive
Unloads the hive TempHive in HKLM
Reg compare examples:
REG COMPARE HKLM\Software\MyCo\MyApp HKLM\Software\MyCo\SaveMyApp
Compares all values under the key MyApp with SaveMyApp
REG COMPARE HKLM\Software\MyCo HKLM\Software\MyCo1 /v Version
Compares the value Version under the key MyCo and MyCo1
REG COMPARE \\ZODIAC\HKLM\Software\MyCo \\. /s
Compares all subkeys and values under HKLM\Software\MyCo on ZODIAC
with the same key on the current machine
Reg export examples:
REG EXPORT HKLM\Software\MyCo\MyApp AppBkUp.reg
Exports all subkeys and values of the key MyApp to the file AppBkUp.reg
Reg import examples:
REG IMPORT AppBkUp.reg
Imports registry entries from the file AppBkUp.reg
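An added example, not part of Microsoft's help text or the original post: a batch script that combines REG EXPORT, REG DELETE, REG COPY and REG COMPARE to snapshot a key and later detect changes to it, branching on the REG COMPARE return codes listed above. The key names and AppBkUp.reg are the sample names from the examples above; the snapshot and check arguments are assumptions made for this script.

```batch
@echo off
rem Added example: snapshot a registry key, then detect later changes to it.
rem KEY, SNAP and BACKUP reuse the sample names from the examples above.
rem Run from an elevated prompt, since the script writes under HKLM.
setlocal
set "KEY=HKLM\Software\MyCo\MyApp"
set "SNAP=HKLM\Software\MyCo\SaveMyApp"
set "BACKUP=AppBkUp.reg"

if /i "%~1"=="snapshot" goto snapshot
if /i "%~1"=="check" goto check
echo Usage: %~nx0 snapshot ^| check
exit /b 1

:snapshot
rem Never overwrite an earlier offline backup; make the operator move it first.
if exist "%BACKUP%" ( echo %BACKUP% already exists, move it first & exit /b 1 )
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 ( echo ERROR: export failed & exit /b 1 )
rem REG COPY merges into an existing key, so remove any stale snapshot first.
rem A missing snapshot key makes REG DELETE return 1; that is expected here.
reg delete "%SNAP%" /f >nul 2>&1
reg copy "%KEY%" "%SNAP%" /s /f
if errorlevel 1 ( echo ERROR: copy failed & exit /b 1 )
echo Snapshot stored in %SNAP% and %BACKUP%
exit /b 0

:check
rem /od prints only the differences, /s includes all subkeys and values.
reg compare "%KEY%" "%SNAP%" /od /s
rem REG COMPARE returns 0 = identical, 1 = failed, 2 = different.
rem "if errorlevel N" is true for N or higher, so test 2 before 1.
if errorlevel 2 ( echo DRIFT: %KEY% differs from its snapshot & exit /b 2 )
if errorlevel 1 ( echo ERROR: compare failed & exit /b 1 )
echo OK: %KEY% matches its snapshot
exit /b 0
```

If the check reports drift and the change is unwanted, REG IMPORT AppBkUp.reg brings back the exported values; values added since the snapshot are not removed by an import.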
Enjoy testing…..